36

I'm currently working on a website developed with Symfony2 and I need to send messages to Amazon SQS. In order to do that I added the following to my composer.json:

"aws/aws-sdk-php": "2.4.*"

Then, when I try to create a queue or list queues, I get a 403 error saying:

Access to the resource https://sqs.us-west-2.amazonaws.com/ is denied.

EDIT: added the full error message

AWS Error Code: AccessDenied, Status Code: 403, AWS Request ID: 2fe34c11-7af8-5445-a768-070159a0953e, AWS Error Type: client, AWS Error Message: Access to the resource https://sqs.us-west-2.amazonaws.com/ is denied., User-Agent: aws-sdk-php2/2.4.11 Guzzle/3.7.4 curl/7.25.0 PHP/5.4.3

Here is sample code showing what I do:

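```php
use Aws\Common\Aws;
use Symfony\Component\HttpFoundation\Response;

// Build the SDK v2 service locator with static credentials and a region.
$aws = Aws::factory(array(
  'key'    => 'my-key',
  'secret' => 'my-secret',
  'region' => 'us-west-2'
));

// Fetch the SQS client from the service locator.
$sqs = $aws->get('sqs');

// Inside the controller action: dump the ListQueues result for debugging.
return new Response(var_dump($sqs->listQueues()));
```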

What am I doing wrong to get this error?

jrb
SupaCoco

2 Answers

67

After digging, I discovered that the account I was using wasn't granted access to the SQS service.

To give an account SQS access, you have to go to the Amazon management console. Then click on IAM. Under this section click on Users, and then you can manage permissions for each account you created.

SupaCoco

  • BINGO!! I was having the same issue with access rights for users. Thanks Supa – Logicalj Dec 01 '14 at 05:13
  • When every other service can be connected to with the default user, why would there be a separate need for an SQS user? – Babu May 29 '15 at 11:52
  • BTW, what is the policy you attached? The following is not working and still shows 403. `{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "sqs:*", "Resource": "*" } ] }` – janasainik May 29 '18 at 16:44
  • In case you are facing this because of CloudFormation: try updating the permissions of the SQS queue in my permission tab. Worked for me – Yousef khan Jan 08 '20 at 12:40
  • Hi, sometimes that is not the real solution. In my case I had granted all required permissions, but in the end the problem was related to the mapping template in the Integration Request and also the Content-Type header – Hatim Jan 23 '20 at 21:37

8

Make sure that both of the following policies allow access to the SQS queue:

  1. Resource (SQS) based policy: The SQS queue should allow your identity to use the queue. You define this using the queue policy (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/quickref-iam.html#scenario-sqs-policy). The default queue policy will allow access only to the owner of the queue (owner of the queue is the identity that created the queue).
  2. Identity based policies: The policy for the identity that is accessing the queue should have permission to invoke operations on the queue.

Make sure that the access is not restricted by either one of them.

https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-using-identity-based-policies.html

srgsanky
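
The two-policy check from the answer above, as an added example that is not part of the original answer or of any AWS tool: it reads an identity-based policy and a queue policy and reports, for each one separately, whether it allows, explicitly denies, or never mentions a given caller, action and queue. The account IDs, user name and queue name are constructed placeholders, and the matcher is a simplification that does not evaluate `Condition`, `NotAction` or `NotResource`.

```python
import json
from fnmatch import fnmatchcase

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _principal_matches(stmt, caller_arn):
    # Identity-based policies have no Principal element; queue policies do.
    if "Principal" not in stmt:
        return True
    p = stmt["Principal"]
    named = ["*"] if p == "*" else _as_list(p.get("AWS", []))
    # An account "root" principal stands for every identity in that account.
    account_root = ":".join(caller_arn.split(":")[:5]) + ":root"
    return any(n in ("*", caller_arn, account_root) for n in named)

def verdict(policy, caller_arn, action, resource):
    """'deny', 'allow' or 'no-match' for one policy document.
    Simplification: Condition, NotAction and NotResource are not evaluated."""
    result = "no-match"
    for stmt in _as_list(policy.get("Statement", [])):
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        resources = _as_list(stmt.get("Resource", []))
        if (_principal_matches(stmt, caller_arn)
                and any(fnmatchcase(action.lower(), a) for a in actions)
                and any(fnmatchcase(resource, r) for r in resources)):
            if stmt.get("Effect") == "Deny":
                return "deny"  # an explicit Deny always wins
            result = "allow"
    return result

def audit(identity_policy, queue_policy, caller_arn, action, resource):
    """Check both policies named in the answer and report each separately."""
    return {"identity": verdict(identity_policy, caller_arn, action, resource),
            "queue": verdict(queue_policy, caller_arn, action, resource)}

# Constructed sample data (account IDs, user and queue names are placeholders).
CALLER = "arn:aws:iam::111122223333:user/symfony-app"
QUEUE = "arn:aws:sqs:us-west-2:444455556666:orders"
IDENTITY_POLICY = json.loads('{"Version": "2012-10-17", "Statement": '
                             '[{"Effect": "Allow", "Action": "sqs:*", "Resource": "*"}]}')
QUEUE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::444455556666:root"},
    "Action": "sqs:SendMessage", "Resource": QUEUE}]}

if __name__ == "__main__":
    print(audit(IDENTITY_POLICY, QUEUE_POLICY, CALLER, "sqs:SendMessage", QUEUE))
```

A `no-match` on the queue side means the queue policy has no statement covering this caller, which is the place to look when the identity policy already allows the action.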